DETAILED ACTION



Response to Amendment 

This action is in response to Applicant's amendment filed September 5, 2006. Claims 
32-40 have been cancelled. Claims 1-31 are pending in the present application. 

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e)
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to
37 CFR 1.114. Applicant's submission filed on September 5, 2006 has been entered.

Claim Rejections - 35 USC § 112 
The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

Claims 1-31 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with
the enablement requirement. The claim(s) contains subject matter, which was not described in
the specification in such a way as to enable one skilled in the art to which it pertains, or with
which it is most nearly connected, to make and/or use the invention. Independent claims 1, 11,
18 and 27 have been amended to describe the invention as either a method or system for
controlling network system usage by an attached function through direct modifications by one or
more devices of the network infrastructure of static and/or dynamic policies for the attached
function without manual intervention by a network administrator. The underlined feature is not
supported by the specification. Applicant is hereby requested to point out exactly where this
feature is taught in order to overcome this rejection.

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 1-31 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

Regarding independent claims 1, 11, 18 and 27, it is unclear as to who (the attached
function, the network infrastructure, a network administrator, etc.) is performing the steps as
claimed.

Claims 1 and 11 recite the limitation "devices of the network infrastructure." There is
insufficient antecedent basis for this limitation in the claims.

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-31 are rejected under 35 U.S.C. 103(a) as being unpatentable over USPN 
6,122,664 issued to Boukobza et al. (hereinafter referred to as Boukobza) in view of USPN 
6,502,131 issued to Vaid et al. (hereinafter referred to as Vaid). 

Regarding claim 1, Boukobza teaches a method of controlling the usage by an attached
function of network services associated with a network system that includes the attached
function, one or more other attached functions and network infrastructure, the method
comprising the steps of:

a. obtaining information associated with the network system (abstract);

b. setting one or more static policies for network services usage by the attached function
(col. 2, lines 21-36; col. 3, line 60 to col. 4, line 5);

c. setting one or more dynamic policies for network services usage by the attached
function (col. 2, lines 21-36; col. 3, line 60 to col. 4, line 5); and

d. monitoring the network system for triggers (abstract).

However, Boukobza fails to explicitly teach: e. modifying directly by one or more
devices of the network infrastructure without manual intervention by a network administrator the
static policies, the dynamic policies, or both for the attached function upon the detection of one
or more triggers. In an analogous art, Vaid teaches modifying directly by one or more devices of the
network infrastructure without manual intervention by a network administrator the static policies,
the dynamic policies, or both for the attached function upon the detection of one or more triggers
[figure 3; col. 27, line 45 to col. 28, line 28]. At the time the invention was made, one of ordinary
skill in the art would have been motivated to modify the dynamic and static policies upon the
detection of a trigger in order to protect the managed resources in the network, thus making the
network system more robust to threats.

Regarding claim 2, Boukobza teaches the method as claimed in claim 1 further 
comprising the step of saving set and modified policies associated with the attached function as 
policy history for the attached function (col. 18, lines 49-53). 

Regarding claim 3, Boukobza teaches the method as claimed in claim 2 further comprising
the step of querying whether a policy history exists for the attached function after obtaining the
information from the network system (col. 22, lines 24-27).

Regarding claim 4, Boukobza teaches the method as claimed in claim 2 wherein the step
of saving the set and modified policies associated with the attached function includes the step of
caching some or all of the policy history in a network system device (col. 30, lines 58-62).

Regarding claim 5, although Boukobza does not explicitly teach the method as claimed in
claim 4 further comprising the step of invalidating the cached policy history based upon the
occurrence of a specified event, it is well known in the art that cache can be invalidated anytime
upon a user's command or specification.

Regarding claim 6, Boukobza teaches the method as claimed in claim 5 wherein the
specified event is selected from the group consisting of time, size limitations, storage limits, a
policy change, or a network system change (col. 2, lines 14-20).

Regarding claim 7, Boukobza teaches the method as claimed in claim 2 further comprising
the step of evaluating whether the policy history includes any static policies that may be set for
the attached function in a current session (col. 18, lines 49-53).

Regarding claim 8, Boukobza teaches the method as claimed in claim 1 wherein the
triggers include timeouts, attached function changes, network infrastructure changes, intrusion
detection events, firewall events, administrator inputs, network service changes and network
service change requests (abstract).

Regarding claim 9, Boukobza teaches the method as claimed in claim 1 wherein the
information includes attached function information, access device information, access port,
number of devices per port, priority per port, priority per application, priority per device,
application requested, exchange protocols available, port security, access location, and access
time (col. 6, lines 65-67).

Regarding claim 10, Boukobza teaches the method as claimed in claim 1 wherein the only
static policy is that there are only dynamic policies (abstract). 

Claims 11-17 are similar to claims 1-6 and 8, respectively, therefore are rejected under
the same rationale. 

Regarding claim 18, Boukobza teaches a system to control the usage by an attached
function of network services associated with a network system that includes the attached 
function, one or more other attached functions and network infrastructure, the system 
comprising: 

a. means, forming part of the network system, for obtaining information associated with
the network system (abstract).

However, Boukobza does not explicitly teach: b. a dynamic policy function module of the
network infrastructure for setting static and dynamic policies for the attached function, for
monitoring the network system for triggers, and for modifying directly by one or more devices of
the network infrastructure the static policies, the dynamic policies, or both for the attached
function without manual intervention by a network administrator based on the detection of one or
more triggers.

In an analogous art, Vaid teaches a dynamic policy function module of the network
infrastructure for setting static and dynamic policies for the attached function, for monitoring the
network system for triggers, and for modifying directly by one or more devices of the network
infrastructure the static policies, the dynamic policies, or both for the attached function without
manual intervention by a network administrator based on the detection of one or more triggers
[figure 3; col. 27, line 45 to col. 28, line 28]. At the time the invention was made, one of ordinary
skill in the art would have been motivated to modify the dynamic and static policies upon the
detection of a trigger in order to protect the managed resources in the network, thus making the
network system more robust to threats.

Regarding claim 19, Boukobza teaches the system as claimed in claim 18 wherein the
dynamic policy function module is a centralized module of a policy server of the network
infrastructure (see the figure).

Regarding claim 20, Boukobza teaches the system as claimed in claim 18 further
comprising means for saving set and modified policies history (col. 18, lines 49-53).



Regarding claim 21, Boukobza teaches the system as claimed in claim 20 wherein the
means for storing set and modified policies history forms part of the policy server of the network 
infrastructure (col. 18, lines 49-53). 

Regarding claim 22, Boukobza teaches the system as claimed in claim 20 wherein the
means for storing set and modified policies forms part of an interconnection device of the
network infrastructure (figure).



Regarding claim 23, Boukobza teaches the system as claimed in claim 18 wherein the
dynamic policy function module is a distributed module forming portions of two or more devices
of the network infrastructure (figure).

Regarding claim 24, Boukobza teaches the system as claimed in claim 23 wherein the two
or more devices are selected from a combination of one or more servers and one or more
interconnection devices or a combination of two or more interconnection devices (figure).

Regarding claim 25, Boukobza teaches the system as claimed in claim 20 wherein the
means for saving set and modified policies includes means for caching the set and modified
policies on a centralized network device, a local network device, or a combination of a
centralized network device and a local network device (figure; col. 18, lines 49-53).



Regarding claim 26, although Boukobza does not teach the system as claimed in claim 18
wherein the means for obtaining information associated with the network system includes IEEE
802.1X authentication, RADIUS authentication, or a combination of IEEE 802.1X authentication
and RADIUS authentication of the attached function, this feature is well known in the art as
taught by Applicant's background in the specification.

Claims 27-31 are similar to claims 18-22, therefore are rejected under the same rationale. 

Response to Arguments 
Applicant's arguments have been considered but are moot in view of the new ground(s) 
of rejection.

Conclusion

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Alina N. Boutah whose telephone number is 571-272-3908. The 
examiner can normally be reached on Monday-Friday (9:00 am - 5:00 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A. Wiley can be reached on 571-272-3923. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



ANB 



